We have seen some small steps towards using our iPhone to prove our identity. But two recent developments point to a future in which the iPhone – in addition to biometrics – could allow us to use our phone as a single means of verifying our identity, both online and in face-to-face interactions.
Overall, Apple is providing support for four initiatives that I believe provide a clear indication of a future in which the iPhone will be our only identification device…
Verify our identity with iPhone
Apple currently provides support for four separate initiatives:
- Mobile driving licenses
- Password-free login with cloud passkeys
- Student ID
- Bypass captcha
Each of these constitutes one of the early steps toward what will eventually be a world in which our iPhone is the primary way we establish our identity, whether online or offline.
Mobile driver’s licenses (mDL)
Back in June of last year, Apple announced its plans to allow government identification documents such as driver’s licenses in the Wallet app.
To be completely free of your physical wallet, there is one more thing we need to bring to the iPhone. This is your identity. So we’re bringing ID cards into Apple Wallet. This fall, you will only scan your driver’s license or state ID in participating US states. It’s easy. Your identity information is now in Wallet. Encrypted and stored in the Secure Element, the same device element technology that makes Apple Pay private and secure.
The company said the Transportation Security Administration (TSA) will come on board, allowing iPhone owners to provide digital copies of their driver’s licenses as proof of identity for airline travel.
TSA enables airport security checkpoints as the first place you can use your digital identity.
It didn’t happen in the fall of 2021 as planned, and when it finally did, it was just dipping a toe in the water. As the mDL (Mobile Driver’s License) Tracker explains, the system has not been officially implemented anywhere in the US yet, and there are only a few trials at a few airports.
The wheels of government turn very slowly, so the point at which we can flash our iPhone at a TSA checkpoint or a traffic cop is still some way off, but about 30 states have announced that they are at least exploring the idea.
Student ID cards
The partnership with Blackboard allows college students to store their ID card in the Wallet app, which can then be used for everything from entering campus facilities to paying their laundry bills.
Students who upload their IDs into Apple Wallet on iPhone/Apple Watch will have secure access to campus facilities, halls of residence, etc. as well as use the digital card for payments at vending machines, dining halls, laundry and even beyond – campus retail locations that accept Student IDs as a means of payment.
Cloud / FIDO passkeys
In 2020, Apple joined the FIDO Alliance, a technology working group dedicated to removing passwords. We previously explained how FIDO (Fast IDentity Online) works.
Currently, to log into a website or app, we usually enter a username and password. What FIDO does is instead allow our device to authenticate us. The logic is this (using iPhone with Face ID as an example):
- A website or app asks you to identify yourself and prove your identity.
- The iPhone receives this request and activates Face ID.
- If your face matches, your iPhone tells the website who you are, and that it has confirmed your identity.
No password is involved at any time: the authentication is performed on your device, not on the website’s server. The web server trusts your iPhone to authenticate you in exactly the same way that payment terminals trust your phone for Apple Pay transactions.
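The flow above as a small Node.js model, added here as an illustration; it is not code from Apple or the FIDO Alliance and is not the real WebAuthn message format. The class names, the userVerified flag (standing in for Face ID) and shop.example are assumptions, and the replay and origin checks go slightly beyond what the text spells out.

```javascript
const nodeCrypto = require('node:crypto');
// Device side: the private key is created on the device and never leaves it.
class Authenticator {
  constructor() {
    const pair = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.publicKey = pair.publicKey;   // handed to the website at enrolment
    this.privateKey = pair.privateKey; // stays on the device
  }
  // userVerified stands in for the local Face ID result (assumed flag).
  signAssertion(challenge, origin, userVerified) {
    if (!userVerified) return null; // no biometric match, no signature
    const clientData = Buffer.from(JSON.stringify({ challenge, origin }));
    return { clientData, signature: nodeCrypto.sign('sha256', clientData, this.privateKey) };
  }
}

// Website side: holds one public key per user, no password or shared secret.
class Website {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // username -> public key
    this.pending = new Map();    // username -> outstanding challenge
  }
  enrol(user, publicKey) { this.publicKeys.set(user, publicKey); }
  challengeFor(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('base64url');
    this.pending.set(user, challenge);
    return challenge;
  }
  login(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    const key = this.publicKeys.get(user);
    if (!assertion || !expected || !key) return false;
    const { challenge, origin } = JSON.parse(assertion.clientData.toString());
    if (challenge !== expected || origin !== this.origin) return false;
    return nodeCrypto.verify('sha256', assertion.clientData, key, assertion.signature);
  }
}

function demo() {
  const phone = new Authenticator(), other = new Authenticator();
  const site = new Website('https://shop.example');
  site.enrol('alice', phone.publicKey);
  const signed = phone.signAssertion(site.challengeFor('alice'), site.origin, true);
  const genuine = site.login('alice', signed), replayed = site.login('alice', signed);
  const wrongDevice = site.login('alice', other.signAssertion(site.challengeFor('alice'), site.origin, true));
  return { genuine, replayed, wrongDevice };
}
console.log(demo());
```

The only thing the website stores per user is a public key, so a copy of its user table gives nothing that can produce a valid signature.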
Apple described its implementation of FIDO as Passkeys in the Cloud. After a halfway house in iOS 15, the iPhone maker fully implemented it in iOS 16 and macOS 13.
Of course, it also requires online services to support the login method, and that, again, will take some time.
iOS 16 allows us to bypass Captchas in apps and on the web.
A new feature called Private Access Tokens will use a combination of details about your device and your Apple ID to tell the website that you are a legitimate user and not a bot. This, in turn, allows you to completely bypass the CAPTCHA step.
This might seem like a strange thing to mention in this context, because it doesn’t actually verify our identity, but it works on the same principle – it implements some form of user validation, and the authentication needed for this happens entirely on our device.
Again, this requires app and website adoption, so getting up and running will take a while, but it’s an easy way to improve the user experience while reducing friction (points at which people might drop out), so I expect adoption to be reasonably fast.
Proving our identity in this way will become the norm
In the long term, I expect that the principles embodied here will become the standard way in which we establish our identity, both online and offline. This is because it is safer for everyone involved – individuals, businesses, and governments.
It is safer for us both online and offline.
Online data breaches are ridiculously common. Companies keep making silly mistakes like storing customer databases on cloud servers without any protection, or misconfiguring permissions so that anyone with access to their network can download customer records. With FIDO, there is no database of login credentials to hack.
In offline mode, only the necessary personal data is disclosed, and this is done in an encrypted form. When you show your mobile driver’s license at the TSA checkpoint, they only receive the actual data they need, not all the data stored in/on your license. It’s pretty much the equivalent of Apple Pay, where the payment terminal doesn’t get all the information on your credit card, and relies on your iPhone to confirm that it’s verified your identity with Face ID or Touch ID.
Keeping customer data safe from hackers is one of the biggest problems businesses face. The financial and reputational cost of a security breach can be very high. With FIDO, no user credentials are stored on the server because authentication happens entirely on our devices. (Of course, they still have to keep other customer data secure, but removing the need for login credentials is a huge win.)
Paper documents can be convincingly forged, despite watermarks and the like, which is why really important documents like passports also rely on electronic security in the form of an embedded RFID chip. Transferring all identity documents to electronic copies, with biometric protection, is a major step forward in security.
There is tremendous additional potential in this approach
I mentioned above that companies still have to store some customer data, such as addresses. But what if they don’t have to? What if you place an order online, and your iPhone or Mac sends an encrypted code that can only be decrypted by courier companies?
What if your doctor didn’t contact you with the test results, but instead sent you a link to a file that can only be read by a device that uses biometric authentication to prove your identity?
What if you don’t have to show your credit card or ID when collecting concert tickets, but your iPhone verifies your identity without revealing any of your data?
It doesn’t take much imagination to see the huge potential of device authentication for use in any situation where we need to prove our identity, whether online or offline.
For me, device authentication is the future of identity checks, and even – ultimately – passports and visas. Personally, I can’t wait. What about you? Please take part in our survey, and share your thoughts in the comments.